Problem verifying EAP-TLS certificates (untrusted warning)
Alexey D. Filimonov
alexey at filimonic.net
Wed Nov 6 12:31:16 UTC 2024
Ok, thank you.
And as I checked, If I use `eap{tls-config{verify{client}}}`, it still
makes some checks internally through libssl, and it still shows message.
On 2024-11-06 12:39, Alan DeKok wrote:
> On Nov 5, 2024, at 7:46 PM, Alexey D. Filimonov <alexey at filimonic.net> wrote:
>> I have a problem with warning about "untrusted certificate" and rejecting if set "reject_unknown_intermediate_ca = yes".
>> Could you help me solving this issue?
> For now, ignore it. You can update the EAP module configuration to allow untrusted certificates.
>
> So far as we can tell, we're using the OpenSSL APIs correctly. This issue seems to come up more in recent versions of OpenSSL, for reasons which aren't clear.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list